Printer Friendly
The Free Library
18,914,768 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

Device identification could prevent majority of network attacks.


Phoenix Technologies Ltd. have announced the findings of a landmark study on Department of Justice network crime prosecutions that reveals most attacks used stolen IDs and passwords, resulting in far greater damages to affected organizations than previously thought: up to $10 million per occurrence and on average more than $1.5 million per occurrence. The report, "Network Attacks: Analysis of Department of Justice Prosecutions 1999-2006," concludes that 84 percent of attacks could have been prevented if, in addition to checking the user ID and password, the organization had verified the identity of the computer connecting to their networks and accounts. Previous studies on the financial damage of computer crimes used surveys of affected organizations, leading to often-questionable data and conclusions about such crimes. This new study conducted by research and advisory firm Trusted Strategies analyzed an·a·lyze  
tr.v. an·a·lyzed, an·a·lyz·ing, an·a·lyz·es
1. To examine methodically by separating into parts and studying their interrelations.

2. Chemistry To make a chemical analysis of.

3.  data validated by the legal process of all cases prosecuted and publicly disclosed by the Department of Justice between March 1999 and February 2006. Among the additional key findings of the study:

-- Average financial loss was more than $3 million per case

-- Although the global damages of viruses can be high, the average cost to an individual company from any single virus attack analyzed in this study was surprisingly low, at $2,382

-- The crimes hit most sectors of the U.S. economy, including government, technology, online retail, financial services The examples and perspective in this article or section may not represent a worldwide view of the subject.
Please [ improve this article] or discuss the issue on the talk page.  communications, education, manufacturing and healthcare

-- Attackers logging onto privileged user or administrator accounts where a small number of authorized au·thor·ize  
tr.v. au·thor·ized, au·thor·iz·ing, au·thor·iz·es
1. To grant authority or power to.

2. To give permission for; sanction:  computers were sanctioned to perform work caused the most damages.

In 88 percent of the cases, the attacker logged onto one or more privileged user accounts. Criminals who accessed privileged accounts obtained IDs and passwords through many means, including network sniffing sniff  
v. sniffed, sniff·ing, sniffs

v.intr.
1.
a. To inhale a short, audible breath through the nose, as in smelling something.

b. To sniffle.

2. , use of password cracking Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.  programs, collusion An agreement between two or more people to defraud a person of his or her rights or to obtain something that is prohibited by law.

A secret arrangement wherein two or more people whose legal interests seemingly conflict conspire to commit Fraud  with insiders and employees sharing their IDs and passwords with co-workers who later left the organization and used that knowledge to gain access.

The report concludes, "Network attacks could have been prevented in 84 percent of all cases if the organization had implemented device identification and authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC.

(2) Verifying the identity of a user logging into a network.  in addition to user ID and password protections. In other words Adv. 1. in other words - otherwise stated; "in other words, we are broke"
put differently , only requiring user IDs and passwords for network access to high-value information assets should no longer be considered adequate network security."

The report, "Network Attacks: Analysis of Department of Justice Prosecutions 1999-2006," can be downloaded at https://www.phoenix.com/cybercrime. Phoenix Technologies Ltd. commissioned the report.
COPYRIGHT 2006 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Security News and Products
Publication:Software World
Date:Sep 1, 2006
Words:396
Previous Article:Top ten spyware threats for July.(Security News and Products)
Next Article:Kaspersky Anti-Virus 5.5 for Check Point FireWall-1.(Security News and Products)
Topics:



Related Articles
Protect Network Security Proactively.(Technology Information)
Device aims to lessen danger of hijacked gas trucks. (On the Homefront-Impact of War).(Vericom Technologies Inc.)
Securing network infrastructures: meshed topographies simultaneously preserve security and accessibility. (Storage Networking).
Vulnerability management technology: a powerful alternative to attack management for networks. (Storage Networking).
WPA aims to finish the job WEP started: what to know before it does.(Internet)
Network configuration management: an innovative, additional layer of network security.(Storage Networking)
Security platform from Vernier Networks takes "guilty until proven innocent" approach to stop network threats.
IRAQ - July 11 - Iraq 'Sliding Towards Civil War'.(Ali al-deeb's forecasts)
IT security beset by under-funding.(EDITOR'S NOTE)
Storage area network security: the human factor.

Terms of use | Copyright © 2010 Farlex, Inc. | Feedback | For webmasters | Submit articles